Cisco C220 M3 Скачать руководство пользователя страница 6

Страница: 6 / 10

Dirty Interface Outbout

Note

Action

Port

Protocol

Destination

Source

Allow outbound traffic from
samples. (To get accurate
results it is required that
malware be allowed to contact
its command and control
server using whatever port and
protocol it is designed to use.)

Allow

ANY

Internet

Dirty
Interface

Dirty Interface Inbound

Note

Action

Port

Protocol

Destination

Source

Deny all incoming
connections.

Deny

ANY

Dirty Internet

ANY

Clean Interface Outbound

Note

Action

Port

Protocol

Destination

Source

The appliance uses the clean
interface to initiate SMTP
connections to the configured
mail server.

Allow

TCP

SMTP Servers

Clean
Interface

Clean Interface Outbound (Optional)

Note

Action

Port

Protocol

Destination

Source

Optional, only required if
Clean DNS is configured.

Allow

TCP/UDP

Corporate DNS
Server

Clean
Interface

Optional, only required if
AMP for Endpoints Private
Cloud integration is used.

Allow

443

TCP

AMP Private Cloud

Clean
Interface

Allow connectivity to server
designated to receive Syslog
messages and Threat Grid
notifications.

Allow

514

UDP

Syslog Servers

Clean
Interface

Optional, only required if
LDAP is configured.

Allow

389

TCP/UDP

LDAP Servers

Clean
Interface

Optional, only required if
LDAP is configured.

Allow

636

TCP

LDAP Servers

Cean
Interface

Server Setup

Firewall Rules

Содержание C220 M3

Страница 1: ...nfigured you can use a remote KVM See CIMC Configuration Refer to the server product documentation for detailed hardware and environmental setup information See Product Documentation Network Interface Connections Setup The SFP modules must be connected to the chassis before the appliance is powered on for the session in which the configuration wizard is going to be run However wiring the SFP up to...

Страница 2: ...e two SFP ports and three Ethernet ports on the back of the appliance and attach the network cables as illustrated in Figure 4 Reserved is the non Admin SFP port that is reserved for future use Figure 1 Cisco UCS C220 M3 SFF Rack Server Figure 2 Cisco UCS C220 M3 Rear View Details Server Setup 2 Server Setup C220 M3 Rack Server Setup ...

Страница 3: ... plugged into the SFP may be safely hot plugged Note C220 M4 Rack Server Setup The interfaces must be properly connected and configured for the appliance to operate Use port 3 Slot 2 for the optional Clust interface The details for your appliance may differ from the illustrations Contact support threatgrid com if you have any questions Note Figure 3 Cisco UCS C220 M4 SFF Rack Server Server Setup 3...

Страница 4: ...logical and recommended setup for a Threat Grid Appliance However each customer s interface setup is different Depending on your network requirements you may decide to connect the Dirty interface to the inside or the Clean interface to the outside with appropriate network security measures in place for example Server Setup 4 Server Setup Network Interface Setup Diagram ...

Страница 5: ...port 8443 of the assigned clean IP Note Firewall Rules This section provides suggested firewall rules Implementing a restrictive outgoing policy on the Dirty interface for ports 22 and 19791 requires tracking updates over time and spending more time maintaining the firewall See the required destinations in the configuration sections Note Using IPv4LL address space 168 254 0 16 for the Dirty interf...

Страница 6: ...TP connections to the configured mail server Allow 25 TCP SMTP Servers Clean Interface Clean Interface Outbound Optional Note Action Port Protocol Destination Source Optional only required if Clean DNS is configured Allow 53 TCP UDP Corporate DNS Server Clean Interface Optional only required if AMP for Endpoints Private Cloud integration is used Allow 443 TCP AMP Private Cloud Clean Interface Allo...

Страница 7: ...id appliance is configured to send backups to an NFSv4 share Allow 2049 TCP NFSv4 Server Admin Interface Admin Interface Inbound Note Action Port Protocol Destination Source Allow SSH connectivity to the TGSH Dialog Allow 22 TCP Admin Interface Admin Subnet Allow Access to the OpAdmin Portal interface This will redirect to HTTPS TCP 443 Allow 80 TCP Admin Interface Admin Subnet Allow Access to the...

Страница 8: ...nnect with third party detection and enrichment services Allow 443 TCP TitaniumCloud Dirty Interface Power On and Boot Up Appliance Once you have connected the server peripherals network interfaces and power cables turn on the appliance and wait for it to boot up The Cisco screen is briefly displayed Figure 6 Cisco Screen During Bootup If you want to configure this interface press F8 after the mem...

Страница 9: ...ections are not yet configured and the OpAdmin Portal cannot be reached yet to perform this task The TGSH Dialog displays the initial administrator Password which will be needed to access and configure the OpAdmin Portal interface later in the configuration Make a note of the Password in a separate text file copy and paste Important Server Setup 9 Server Setup Power On and Boot Up Appliance ...

Страница 10: ...Server Setup 10 Server Setup Power On and Boot Up Appliance ...

Результаты поиска

Содержание C220 M3

Отзывы:

Похожие инструкции для C220 M3

Бренды по названию

Популярные бренды

Cisco C220 M3, Настройка

Результаты поиска

Содержание C220 M3

Отзывы:

Похожие инструкции для C220 M3

Бренды по названию

Популярные бренды